| ExxonMobil Is Suing Investors Who Want Faster Climate Action Mar 1st 2024, 03:30, by BeauHD An anonymous reader quotes a report from NPR: ExxonMobil faces dozens of lawsuits from states and localities alleging the company lied for decades about its role in climate change and the dangers of burning fossil fuels. But now, ExxonMobil is going on the offensive with a lawsuit targeting investors who want the company to slash pollution that's raising global temperatures. Investors in publicly-traded companies like ExxonMobil try to shape corporate policies by filing shareholder proposals that are voted on at annual meetings. ExxonMobil says it's fed up with a pair of investor groups that it claims are abusing the system by filing similar proposals year after year in an effort to micromanage its business. ExxonMobil's lawsuit points to growing tensions between companies and activist investors calling for corporations to do more to shrink their climate impact and prepare for a hotter world. Interest groups on both sides of the case say it could unleash a wave of corporate litigation against climate activists. It is happening at a time when global temperatures continue to rise, and corporate analysts say most companies aren't on track to meet targets they set to reduce their heat-trapping emissions. "Exxon is really upping the ante here in a big way by bringing this case," says Josh Zinner, chief executive of an investor coalition called the Interfaith Center on Corporate Accountability, whose members include a defendant in the ExxonMobil case. "Other companies could use this tactic not just to block resolutions," Zinner says, "but to intimidate their shareholders from even bringing these [climate] issues to the table." ExxonMobil said in an email that it is suing the investor groups Arjuna Capital and Follow This because the U.S. Securities and Exchange Commission (SEC) isn't enforcing rules governing when investors can resubmit shareholder proposals. A court is the "the right place to get clarity on SEC rules," ExxonMobil said, adding that the case "is not about climate change." Other corporations are watching ExxonMobil's case, says Charles Crain, a vice president at the National Association of Manufacturers, which represents ExxonMobil and other industrial companies. "If companies are decreasingly able to get the SEC to allow them to exclude proposals that are obviously politically motivated, then the next question is, well, can the courts succeed where the SEC has failed -- or, more accurately, not even tried?," Crain says. "The shareholder proposal from Arjuna and Follow This called for ExxonMobil to cut emissions faster from its own operations and from its supply chain, including the pollution that's created when customers burn its oil and natural gas," notes NPR. "That indirect pollution, known as Scope 3 emissions, accounts for 90% of ExxonMobil's carbon footprint." "ExxonMobil says it is committed to cutting emissions from its operations. But the idea that activist investors like Arjuna and Follow This can quickly push the company out of the oil and gas business with new climate policies is 'simplistic and against the interests of the vast majority of ExxonMobil shareholders,' the company said in a court filing in Texas." The company added that while shareholders are entitled to submit proposals, they don't have "an unlimited right to put forth any proposal to do anything." "Their intent is to advance their agenda rather than creating long-term value for shareholders," ExxonMobil said of Arjuna and Follow This.   Read more of this story at Slashdot. | | Calendar Meeting Links Used To Spread Mac Malware Mar 1st 2024, 02:02, by BeauHD Hackers targeting individuals in the cryptocurrency sector are using a sophisticated phishing scheme that begins with a malicious link on Calendly. "The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call," reports Krebs on Security. "But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems." From the report: A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. "When the project team clicks the link, they encounter a region access restriction," SlowMist wrote. "At this point, the North Korean hackers coax the team into downloading and running a 'location-modifying' malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds." SlowMist says the North Korean phishing scams used the "Add Custom Link" feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. "Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion," the blog post explains. "Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code." SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group. "A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs," Kaspersky wrote of BlueNoroff in Dec. 2023. Read more of this story at Slashdot. | | Court Orders Maker of Pegasus Spyware To Hand Over Code To WhatsApp Mar 1st 2024, 01:25, by BeauHD Stephanie Kirchgaessner reports via The Guardian: NSO Group, the maker of one the world's most sophisticated cyber weapons, has been ordered by a US court to hand its code for Pegasus and other spyware products to WhatsApp as part of the company's ongoing litigation. The decision by Judge Phyllis Hamilton is a major legal victory for WhatsApp, the Meta-owned communication app which has been embroiled in a lawsuit against NSO since 2019, when it alleged that the Israeli company's spyware had been used against 1,400 WhatsApp users over a two-week period. NSO's Pegasus code, and code for other surveillance products it sells, is seen as a closely and highly sought state secret. NSO is closely regulated by the Israeli ministry of defense, which must review and approve the sale of all licences to foreign governments. In reaching her decision, Hamilton considered a plea by NSO to excuse it of all its discovery obligations in the case due to "various US and Israeli restrictions." Ultimately, however, she sided with WhatsApp in ordering the company to produce"all relevant spyware" for a period of one year before and after the two weeks in which WhatsApp users were allegedly attacked: from 29 April 2018 to 10 May 2020. NSO must also give WhatsApp information "concerning the full functionality of the relevant spyware." Hamilton did, however, decide in NSO's favor on a different matter: the company will not be forced at this time to divulge the names of its clients or information regarding its server architecture. Read more of this story at Slashdot. | | The FBI Is Using Push Notifications To Catch Sexual Predators Mar 1st 2024, 00:45, by BeauHD According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr. How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...] If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted. Read more of this story at Slashdot. | | Self-Pay Gas Station Pumps Break Across NZ As Software Can't Handle Leap Day Mar 1st 2024, 00:02, by BeauHD An anonymous reader quotes a report from Ars Technica: Today is Leap Day, meaning that for the first time in four years, it's February 29. That's normally a quirky, astronomical factoid (or a very special birthday for some). But that unique calendar date broke gas station payment systems across New Zealand for much of the day. As reported by numerous international outlets, self-serve pumps in New Zealand were unable to accept card payments due to a problem with the gas pumps' payment processing software. The New Zealand Herald reported that the outage lasted "more than 10 hours." This effectively shuttered some gas stations, while others had to rely on in-store payments. The outage affected suppliers, including Allied Petroleum, BP, Gull, Waitomo, and Z Energy, and has reportedly been fixed. In-house payment solutions, such as BP fuel cards and the Waitomo app, reportedly still worked during the outage. A representative for Petroleum, when prompted via Facebook to "maybe remember Leap Day in four years' time," responded: "We'll add it to our Outlook reminders :(" Read more of this story at Slashdot. | | Ford EV Owners Can Now Charge On Tesla's Network Feb 29th 2024, 23:20, by BeauHD Starting today, Ford electric vehicle owners can use one of Tesla's 2,400+ superchargers, but there's a hitch. "They'll need to get an adapter that Ford will provide for free, although the company won't start shipping those until the end of March," notes the Associated Press. Product Reviewer MKBHD also notes that non-Teslas will need to park in a spot that blocks 2 spots where a Tesla would take up one. "If the charge station fills up the remaining spots with Teslas, the app will show 1 charger as available but the parking spot is blocked by the Mach-E," adds MKBHD. From the report: Last May, Ford became the first automaker to reach an agreement with the Austin, Texas-based Tesla to charge on its network, which is the largest and most well-placed in the U.S. Tesla has more than 26,000 plugs and nearly 2,400 Supercharger stations across the U.S. and Canada. Ford said its owners will have access to about 15,000 Tesla fast-charging plugs that are located strategically along travel corridors. Ford owners won't be able to use some older Tesla plugs. Most other automakers followed Ford in joining Tesla's network and agreeing to switch to Tesla's plug, called the North American Charging Standard, which is smaller and easier to use than the current plugs on most other EVs sold in the two countries. Ford said adding the Tesla plugs will double the size of the network that can be used by Ford EV owners. There are nearly 166,000 Ford EVs in the U.S. Ford is offering the adapters for free to the owners, who can sign up on the Ford.com website to reserve them between Thursday and June 30. The company will provide one free adapter per vehicle. Tesla's network was turned on Wednesday morning, and software enabling the Ford vehicles to charge at Tesla stations was to be sent out around the same time. Ford will switch to Tesla's charging connector with its second-generation EVs starting next year. Read more of this story at Slashdot. | | BC Lawyer Reprimanded For Citing Fake Cases Invented By ChatGPT Feb 29th 2024, 22:40, by BeauHD A B.C. lawyer has been ordered to pay costs for opposing counsel for the time they took to discover that two cases she cited as precedent were created by ChatGPT. CBC News reports: The cases would have provided compelling precedent for a divorced dad to take his children to China -- had they been real. But instead of savouring courtroom victory, the Vancouver lawyer for a millionaire embroiled in an acrimonious split has been told to personally compensate her client's ex-wife's lawyers for the time it took them to learn the cases she hoped to cite were conjured up by ChatGPT. In a decision released Monday, a B.C. Supreme Court judge reprimanded lawyer Chong Ke for including two AI "hallucinations" in an application filed last December. The cases never made it into Ke's arguments; they were withdrawn once she learned they were non-existent. Justice David Masuhara said he didn't think the lawyer intended to deceive the court -- but he was troubled all the same. "As this case has unfortunately made clear, generative AI is still no substitute for the professional expertise that the justice system requires of lawyers," Masuhara wrote in a "final comment" appended to his ruling. "Competence in the selection and use of any technology tools, including those powered by AI, is critical." Read more of this story at Slashdot. | | Cheap Doorbell Cameras Can Be Easily Hijacked, Says Consumer Reports Feb 29th 2024, 22:02, by BeauHD An anonymous reader quotes a report from Ars Technica: Video doorbell cameras have been commoditized to the point where they're available for $30-$40 on marketplaces like Amazon, Walmart, Temu, and Shein. The true cost of owning one might be much greater, however. Consumer Reports (CR) has released the findings of a security investigation into two budget-minded doorbell brands, Eken and Tuck, which are largely the same hardware produced by the Eken Group in China, according to CR. The cameras are further resold under at least 10 more brands. The cameras are set up through a common mobile app, Aiwit. And the cameras share something else, CR claims: "troubling security vulnerabilities." Among the camera's vulnerabilities cited by CR: - Sending public IP addresses and Wi-Fi SSIDs (names) over the Internet without encryption - Takeover of the cameras by putting them into pairing mode (which you can do from a front-facing button on some models) and connecting through the Aiwit app - Access to still images from the video feed and other information by knowing the camera's serial number. CR also noted that Eken cameras lacked an FCC registration code. More than 4,200 were sold in January 2024, according to CR, and often held an Amazon "Overall Pick" label (as one model did when an Ars writer looked on Wednesday). CR issued vulnerability disclosures to Eken and Tuck regarding its findings. The disclosures note the amount of data that is sent over the network without authentication, including JPEG files, the local SSID, and external IP address. It notes that after a malicious user has re-paired a doorbell with a QR code generated by the Aiwit app, they have complete control over the device until a user sees an email from Eken and reclaims the doorbell. "These video doorbells from little known manufacturers have serious security and privacy vulnerabilities, and now they've found their way onto major digital marketplaces such as Amazon and Walmart," said Justin Brookman, director of tech policy at Consumer Reports, in a statement. "Both the manufacturers and platforms that sell the doorbells have a responsibility to ensure that these products are not putting consumers in harm's way." Read more of this story at Slashdot. | | Google is Making Search Suggestions in Chrome More Helpful Feb 29th 2024, 21:22, by msmash An anonymous reader shares a report: Google is introducing improvements to search suggestions in Chrome, the company announced today. As part of the changes, users will start to get more helpful search suggestions in Chrome based on what others are searching for, see more images for suggested searches and find search suggestions even with a poor connection. Search suggestions are the drop-down list of suggested completions that appear before you finish typing out your query in Google. The feature generates predictions to help users save time and speed up their search. With these new updates, Google is expanding the availability of search suggestions and using them to boost inspiration. When users are signed into Chrome on desktop and open a new tab, they will now start to see suggestions in the search box related to their previous searches based on what other people are searching for. Read more of this story at Slashdot. | | Popular Video Doorbells Can Be Easily Hijacked, Researchers Find Feb 29th 2024, 20:41, by msmash Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer Reports. From a report: On Thursday, the non-profit Consumer Reports published research that detailed four security and privacy flaws in cameras made by EKEN, a company based in Shenzhen, China, which makes cameras branded as EKEN, but also, apparently, Tuck and other brands. These relatively cheap doorbell cameras were available on online marketplaces like Walmart and Temu, which removed them from sale after Consumer Reports reached out to the companies to flag the problems. These doorbell cameras are, however, still available elsewhere. According to Consumer Reports, the most impactful issue is that if someone is in close proximity to a EKEN doorbell camera, they can take "full control" of it by simply downloading its official app -- called Aiwit -- and putting the camera in pairing mode by simply holding down the doorbell's button for eight seconds. Aiwit's app has more than a million downloads on Google Play, suggesting it is widely used. At that point, the malicious user can create their own account on the app, scan the QR code generated by the app by putting it in front of the doorbell's camera. Read more of this story at Slashdot. | | 'Grand Theft Auto' Maker Rockstar Games Asks Workers To Return To Office Five Days a Week Feb 29th 2024, 20:00, by msmash Rockstar Games, a division of Take-Two Interactive Software, will ask employees to return to the office five days a week beginning in April as the video-game maker enters the final stages of development on its next game, the hotly anticipated Grand Theft Auto VI. Bloomberg: In an email to staff on Wednesday reviewed by Bloomberg, Rockstar Head of Publishing Jenn Kolbe said the decision was made for productivity and security reasons. The company has faced several security breaches including a massive dump of early footage from the new Grand Theft Auto and an early trailer that leaked in December. Kolbe wrote that the company also found "tangible benefits" from in-person work. "Making these changes now puts us in the best position to deliver the next Grand Theft Auto at the level of quality and polish we know it requires, along with a publishing roadmap that matches the scale and ambition of the game," she wrote. Read more of this story at Slashdot. | | Apple Wants You To Know It's Working On AI Feb 29th 2024, 19:21, by msmash Apple plans to disclose more about its plans to put generative AI to use later this year, Chief Executive Officer Tim Cook said during the company's annual shareholder meeting on Wednesday. From a report: Cook said that the iPhone maker sees "incredible breakthrough potential for generative AI, which is why we're currently investing significantly in this area. We believe that will unlock transformative opportunities for users when it comes to productivity, problem solving and more." Apple has been slower in rolling out generative AI, which can generate human-like responses to written prompts, than rivals such as Microsoftand Alphabet's Google, which are weaving them into products. On Wednesday, Cook argued that AI is already at work behind the scenes in Apple's products but said there would be more news on explicit AI features later this year. Bloomberg previously reported Apple plans to use AI to improve the ability to search through data stored on Apple devices. "Every Mac that is powered by Apple silicon is an extraordinarily capable AI machine. In fact, there's no better computer for AI on the market today," Cook said. Read more of this story at Slashdot. | | Microsoft is Working With Nvidia, AMD and Intel To Improve Upscaling Support in PC Games Feb 29th 2024, 18:41, by msmash Microsoft has outlined a new Windows API designed to offer a seamless way for game developers to integrate super resolution AI-upscaling features from Nvidia, AMD, and Intel. From a report: In a new blog post, program manager Joshua Tucker describes Microsoft's new DirectSR API as the "missing link" between games and super resolution technologies, and says it should provide "a smoother, more efficient experience that scales across hardware." "This API enables multi-vendor SR [super resolution] through a common set of inputs and outputs, allowing a single code path to activate a variety of solutions including Nvidia DLSS Super Resolution, AMD FidelityFX Super Resolution, and Intel XeSS," the post reads. The pitch seems to be that developers will be able to support this DirectSR API, rather than having to write code for each and every upscaling technology. The blog post comes a couple of weeks after an "Automatic Super Resolution" feature was spotted in a test version of Windows 11, which promised to "use AI to make supported games play more smoothly with enhanced details." Now, it seems the feature will plug into existing super resolution technologies like DLSS, FSR, and XeSS rather than offering a Windows-level alternative. Read more of this story at Slashdot. | | Ultraprocessed Foods Linked To Heart Disease, Diabetes, Mental Disorders and Early Death, Study Finds Feb 29th 2024, 18:01, by msmash Eating ultraprocessed foods raises the risk of developing or dying from dozens of adverse health conditions, according to a new review of 45 meta-analyses on almost 10 million people. From a report: "We found consistent evidence linking higher intakes of ultra-processed foods with over 70% of the 45 different health outcomes we assessed," said senior author Wolfgang Marx, a senior research fellow at the Food & Mood Centre at Deakin University in Geelong, Australia, in an email. A higher intake was considered about one serving or about 10% more ultraprocessed foods per day, said Heinz Freisling, a scientist in the nutrition and metabolism branch of the World Health Organization's International Agency for Research on Cancer, in an email. "This proportion can be regarded as 'baseline' and for people consuming more than this baseline, the risk might increase," said Freisling, who was not involved in the study. Researchers graded each study as having credible or strong, highly suggestive, suggestive, weak or no evidence. All the studies in the review were published in the past three years, and none was funded by companies involved in the production of ultraprocessed foods, the authors said. "Strong evidence shows that a higher intake of ultra-processed foods was associated with approximately 50% higher risk of cardiovascular disease-related death and common mental disorders," said lead author Dr. Melissa Lane, a postdoctoral research fellow at Deakin, in an email. Cardiovascular disease encompasses heart attacks, stroke, clogged arteries and peripheral artery disease. The study: Ultra-processed food exposure and adverse health outcomes: umbrella review of epidemiological meta-analyses (BMJ) Read more of this story at Slashdot. | | Avoiding Common Pitfalls When First Contributing To Open Source Feb 29th 2024, 17:22, by msmash Angie Byron, a long-time member of the Drupal community, offers guidance on avoiding common mistakes and general good-practices for those new to contributing to open-source projects: [...] You might not know it yet, but as a newcomer to an open source project, you have this AMAZING superpower: you are often-times the only one in that whole project capable of reading the documentation through new eyes. Because I can guarantee, the people who wrote that documentation are not new. :-) So take time to read the docs and file issues (or better yet, pull requests) for anything that was unclear. This lets you get a "feel" for contributing in a project/community without needing to go way down the deep end of learning coding standards and unit tests and commit signing and whatever other bananas things they're about to make you do. :) Also, people are more likely to take time to help you, if you've helped them first! Read more of this story at Slashdot. | |
Comments
Post a Comment